AW: AW: Efail or OpenPGP is safer than S/MIME

Andrew Gallagher andrewg at
Wed May 16 15:55:16 CEST 2018

> On 16 May 2018, at 13:44, Fiedler Roman <Roman.Fiedler at> wrote:
> I am not sure, if gpg could support implementation/testing/life-cycle-efforts to establish all those parameters and different process models for most of the decryption processes gpg users envision to use gpg for.

Why do we need a plethora of configuration parameters to selectively turn off various parts of a security protocol? Why should we even encourage such a thing? With security, either everything seems to be ok, or it’s broken in such a way that it’s potentially an utter disaster. And quite probably both simultaneously. 

The only reasonable use case for selective disabling of security protocol features is for backwards compatibility. That doesn’t require fine grained control, just a version number. And even then, it opens up the possibility for user error. 

I’m going to preemptively quote RJH here before he gets around to it. Use the defaults! ;-)


More information about the Gnupg-users mailing list